Network Security News Weekly

Current cybersecurity news to keep you informed.
IT Services | Government | Financial | Healthcare | Non-Profit

Articles of interest from the week of April 23, 2018


SunTrust employee may have tried to steal data from 1.5 million customers
SunTrust announced Friday that it would offer a free identify protection service to all current and new customers to address the "potential data threat and broader risk environment." SunTrust is working with the credit reporting agency Experian on the program, which includes credit monitoring, annual credit reports and identify theft insurance. (By: , MSN)

Why are hospitals such a major target for hackers?
You only need to look at the WannaCry ransomware attack on the NHS last year to see how devastating these incidents can be. The attack led to disruption in over a third (34%) of trusts in England, with thousands of appointments and operations cancelled. It was the biggest ever cyber-attack on the NHS (although not directed solely at the organization) but curiously, no ransom was paid. (By: , IFSec Global)

Google Project Zero hacker discloses a Zero-Day in Windows Lockdown Policy
Google has publicly disclosed a Windows 10 zero-day vulnerability that could be exploited by attackers to bypass Windows Lockdown Policy on systems with User Mode Code Integrity (UMCI) enabled and execute arbitrary code on the target system. The zero-day affects all Windows 10 versions with UMCI enabled, Forshaw successfully exploited it on Windows 10S. (By: , Security Affairs)

Router security options advised following U.S. hacker alert
The U.S. Department of Homeland Security, the FBI and the U.K.'s National Cyber Security Centre issued the warning this week, saying the primary targets of the Russian state-sponsored cyberattacks were government and private sector organizations, network infrastructure providers and internet service providers. The organizations based the alert on malicious activity discovered in compromised networks. (By: , Tech Target)

FDA Proposes Action to Enhance Medical Device Cybersecurity
The Food and Drug Administration has issued plans - some of which will require Congressional approval - for enhancing the safety of medical devices. Those include several proposals for advancing cybersecurity, including imposing new requirements on device manufacturers. (By: , Data Breach Today)

How 21st century security teams can stop phishing schemes from stealing enterprise data
Today, hackers have adopted phishing to reel in even bigger catches, targeting accounts payable teams at Fortune 500 companies to initiate fraudulent wire transfers and swipe employee credentials. Employees are presented with seemingly legitimate web pages where they are asked to enter their user credentials, immediately granting hackers access to entire servers. (By: , )

Take These Steps to Secure Your WordPress Website Before It’s Too Late
You might have heard that WordPress security is often referred to as hardening, WordPress website security is all about putting locks on doors and windows and having lookouts on each of your “towers.” While this may be all good, what can you genuinely do to improve your website’s security – at the same time giving your readers and customers the guarantee that their sensitive information won’t fall into the wrong hands? (By: , Security Affairs)

Reframing Cybersecurity As A Business Enabler
Though the threat is real, instead of viewing cybersecurity in terms of risk, organizations should approach cybersecurity as a business enabler. By building cybersecurity into the foundation of their business strategy, organizations will be able to support business agility, facilitate organizational operations and develop consumer loyalty. (By: , Innovation Enterprise)



Sign Up For Netsec News Weekly

Ingalls Information Security
TOP